CLAIMS 

We claim: 

1. In a computerized network environment including two or more computer 
systems sending messages through a network communication protocol, a method of 
receiving secure messages using custom security tokens, the method comprising: 

an act of identifying one or more security tokens in a received message that has 
been encrypted, and a value type corresponding with each identified 
security token; 

an act of matching the identified corresponding value type to a stored value type 
for a stored security token that the receiving computer system can 
access; 

an act of receiving data from the at least one identified security token into the 
stored value type that has been matched, wherein the raw data includes 
one or more of identification information, and a custom property; and 

an act of decrypting an encrypted portion of the received message based at least 
in part on the raw data received from the at least one identified security 
token. 

2. The method as recited in claim 1, wherein the received message includes one or 
more digital signatures, the method further comprising an act of authenticating at least 
one of the one or more digital signatures. 

3. The method as recited in claim 1, further comprising an act of receiving a 
message from a sending computer system, the message including an encrypted portion 
and one or more security tokens. 
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4. The method as recited in claim 1, wherein the one or more security tokens are 
represented in the message by a markup language identifier, and wherein the at least 
one identified security token is identified by the markup language identifier. 

5. The method as recited in claim 1, wherein the at least one identified security 
token is a binary security token. 

6. The method as recited in claim 4, wherein the identified corresponding value 
type is a custom value type created by the sending computer system or the receiving 
computer system, and that the receiving and sending computer system can access. 

7. The method as recited in claim 1, further comprising an act of updating one or 
more properties of the stored security token that is accessible by the receiving 
computer system with one or more of the identification information and the custom 
property. 

8. The method as recited in claim 7, further comprising an act of creating a security 
key when updating the one or more properties of the stored security token. 

9. The method as recited in claim 1, wherein the identified at least one security 
token is serialized in the received message based on a private key that is shared 
between the sending and receiving computer system. 

10. The method as recited in claim 9, wherein the private key is accessed from a key 
provider that both the sending and the receiving computer systems can access. 

1 1 . The method as recited in claim 1 , wherein the one or more security tokens are 
found in a security header portion of the message. 

12. The method as recited in claim 11, wherein, prior to receiving the message, the 
at least one identified token is serialized into the security header portion of the 
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message by transforming the at least one identified security token into base 64 
encoded data. 

13. The method as recited in claim 12, wherein deserializing comprises an act of 
converting data from the identified at least one token from base 64 encoding to a byte 
array. 
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14. In a computerized network environment including two or more computer 
systems sending messages through a network communication protocol, a method of 
receiving secure messages using custom security tokens, the method comprising: 

an act of identifying one or more security tokens in a received message that has 
been encrypted, and a value type corresponding with each identified 
security token; 

an act of matching the identified corresponding value type to a stored value type 
for a stored security token that the receiving computer system can 
access; and 

a step for using customizable information contained within at least one of the 
identified one or more security tokens and the stored value type to 
decrypt the message and access data contained within the message. 

15. The method as recited in claim 14, wherein the step for using customizable 
information contained within at least one of the identified one or more security tokens 
comprises: 

an act of receiving data from the at least one identified security token into the 
stored value type that has been matched, wherein the raw data includes 
one or more of identification information, and a custom property; and 

an act of decrypting an encrypted portion of the received message based at least 
in part on the raw data received from the at least one identified security 
token. 

16. The method as recited in claim 15, wherein the received message includes one 
or more digital signatures, and wherein the step for using customizable information 
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contained within at least one of the identified one or more security tokens comprises 
an act of authenticating at least one of the one or more digital signatures. 
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17. In a computerized network environment including two or more computer 
systems sending messages through a network communication protocol, a method of 
sending secure messages using custom security tokens, the method comprising: 

an act of a sending computer system generating one or more security tokens 
using one or more corresponding value types, each token including token 
data that includes one or more of a custom property, a signature, and an 
encryption level; 

an act of encrypting a portion of a message using at least one of the one or more 
generated security tokens; 

an act of inserting the at least one generated security token in an outbound token 
collection; and 

an act of converting the token data for the outbound token collection using a 
private key that is accessible by the sending computer system and a 
receiving computer system. 

18. The method as recited in claim 17, further comprising an act of including one or 
more digital signatures in the message, wherein the one or more digital signatures are 
authenticated prior to decrypting the encrypted portion of the message. 

19. The method as recited in claim 17, further comprising an act of including private 
key information in the message, such that the receiving computer system can access 
the key from a key provider based on the key information before deserializing the 
message. 

20. The method as recited in claim 17, wherein the act of converting the token data 
comprises serializing the token data into base 64 encoding. 
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21. The method as recited in claim 17, wherein the at least one generated security 
token is a custom security token created using a custom value type, and wherein the 
custom value type is accessible by both the sending and receiving computer systems. 

22. The method as recited in claim 17, further comprising an act of creating a 
signature or encryption function based on the included one or more of a custom 
property, a signature, and an encryption level in the created binary token. 

23. The method as recited in claim 17, further comprising an act of including a 
program language value corresponding with each token that is included in the 
outbound token collection. 

24. The method as recited in claim 23, wherein the program language value is a 
Common Language Runtime value. 

25. The method as recited in claim 17, wherein the act of inserting the at least one 
generated security token in an outbound token collection further comprises: 

an act of identifying a markup language representation of the at least one 
generated security token, and 

an act of placing the markup language representation of the at least one 
generated security token in the outbound token collection. 

26. The method as recited in claim 25, further comprising an act of assigning the 
markup language representation of the at least one generated security token a global 
unique identifier. 

27. The method as recited in claim 26, wherein the outbound token collection is a 
hash table that is keyed by the global unique identifier of the at least one generated 
security token. 
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28. The method as recited in claim 27, wherein the global unique identifier is 
inserted into a signature or encryption portion of the message. 
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29. In a computerized network environment including two or more computer 
systems sending messages through a network communication protocol, a method of 
sending secure messages using custom security tokens, the method comprising: 

an act of a sending computer system generating one or more security tokens 
using one or more corresponding value types, each token including token 
data that includes one or more of a custom property, a signature, and an 
encryption level; 

a step for using the generated one or more security tokens to secure a message to 
be sent to a receiving computer system computer, whereby the message 
does not have to be decrypted or deserialized by an intermediate service 
provider prior to the message reaching the receiving computer system. 

30. The method as recited in claim 29, wherein the step for serializing each of the 
created one or more binary tokens comprises: 

an act of encrypting a portion of a message using at least one of the one or more 
generated security tokens; 

an act of inserting the at least one generated security token in an outbound token 
collection; and 

an act of converting the token data for the outbound token collection using a 
private key that is accessible by the sending computer system and a 
receiving computer system. 

31. The method as recited in claim 30, wherein the step for serializing each of the 
created one or more binary tokens further comprises an act of including one or more 
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digital signatures in the message, such that the one or more digital signatures are be 
authenticated prior to decrypting the encrypted portion of the message. 
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